Malicious npm Packages Spread Credential-Stealing Malware and Self-Replicating Supply Chain Attack

Listen to this Post

Featured Image

Introduction

A new wave of malicious activity has been discovered in the npm ecosystem, where compromised packages are being used to steal developer credentials and spread malware across software supply chains. Security researchers warn that the attack is not only focused on data theft but also includes worm-like self-propagation capabilities that allow infected packages to republish themselves and expand infection reach. The campaign highlights how modern supply chain attacks are evolving into multi-platform, cross-ecosystem threats that can impact both JavaScript and Python environments simultaneously.

Summary of the Original Report

Security researchers from Socket have identified malicious npm packages that are actively distributing credential-stealing malware designed to infiltrate developer environments and propagate through trusted software ecosystems. The affected packages include multiple versions of @automagik/genie and pgserve, both of which are associated with developer tooling workflows and are commonly used in software development pipelines. The malware is executed during installation through post-install scripts, allowing it to immediately begin collecting sensitive data from compromised systems. Once active, it scans for environment variables, configuration files, and system-stored secrets that may include cloud provider credentials, CI/CD tokens, SSH keys, and local developer artifacts such as npm configuration files and shell histories.

The malware also extends its reach beyond development environments by attempting to extract data from browsers, including stored passwords, session data, and cryptocurrency wallet extensions like MetaMask and Phantom. After gathering this information, the stolen data is exfiltrated using two communication channels, one standard HTTPS webhook and another using Internet Computer Protocol (ICP) canisters, which act as decentralized command and control infrastructure. The payload includes optional encryption mechanisms such as AES-256 and RSA, although in some cases data may still be transmitted in plaintext.

A particularly dangerous aspect of this malware is its self-propagation capability. It is designed to extract npm authentication tokens from infected systems, modify existing packages, inject malicious code, and republish them back into the registry, effectively turning trusted packages into new infection vectors. Researchers also observed attempts to extend this behavior into the Python ecosystem through PyPI by generating malicious packages using .pth file injection when valid credentials are available. The campaign shows similarities to previous supply chain attacks linked to TeamPCP, particularly in its use of post-install scripts and blockchain-based infrastructure for persistence and command and control operations.

Some of the affected packages appear to be legitimate projects that were likely hijacked rather than created purely for malicious purposes. Evidence suggests active usage in real environments, with at least one package reporting over 6,700 weekly downloads, increasing the potential impact of the attack. Researchers also identified inconsistencies between npm release versions and corresponding Git tags, raising further suspicion about unauthorized modifications. Security teams note that the situation is still evolving, with new malicious versions continuing to emerge and the full extent of the compromise not yet fully understood.

What Undercode Say:

The npm ecosystem continues to demonstrate how fragile modern software supply chains can be when trust is assumed rather than continuously verified
This attack is not simply credential theft but a full lifecycle compromise strategy that includes persistence, replication, and cross-ecosystem targeting
The use of post-install scripts is particularly dangerous because it executes code before developers can audit dependencies
Attackers are clearly shifting toward automation of propagation, turning each infected developer machine into a distribution node
The integration of ICP canisters shows a growing trend of using decentralized infrastructure to hide command and control traffic
This makes traditional detection methods significantly less effective since blockchain endpoints are harder to blacklist or shut down
The focus on developer credentials highlights how attackers are targeting the root of software trust rather than end users
Once npm tokens are compromised, attackers gain the ability to poison entire package ecosystems silently
The extension into PyPI indicates a deliberate multi-language strategy aimed at maximizing infection surface

Such cross-ecosystem attacks reduce the effectiveness of platform-specific defenses

The presence of legitimate packages suggests supply chain infiltration rather than purely malicious uploads

This implies either compromised maintainers or stolen publishing credentials

The high download counts amplify the potential blast radius of a single infected release
Inconsistencies between Git tags and published npm versions indicate possible unauthorized release manipulation
The malware’s ability to harvest browser wallets introduces financial theft risks beyond developer environments
Cryptocurrency extensions are increasingly becoming high-value targets in supply chain attacks
Self-replication through republishing is essentially a worm-like behavior inside package registries
This blurs the line between traditional malware and supply chain propagation engines
Encryption of exfiltrated data suggests operational maturity and intent to avoid network detection
However, fallback to plaintext transmission shows imperfect implementation or staged development
The evolution of such threats suggests attackers are testing automation at scale in real ecosystems
Developer trust in open-source registries is being actively exploited as an attack vector
Security scanning at install time is becoming insufficient without behavioral monitoring
Registry governance and token security are now critical weak points in modern development pipelines
Future attacks are likely to expand further into CI/CD systems and build pipelines
The ecosystem needs stronger verification mechanisms beyond package signing alone
Without intervention, supply chain malware will increasingly resemble self-sustaining networks rather than isolated infections
The situation reflects a broader shift toward autonomous, self-propagating cyber threats

Fact Checker Results

✔️ npm packages can execute code during installation through lifecycle scripts
✔️ Supply chain attacks often reuse stolen tokens to republish malicious packages
⚠️ Attribution of attacks to specific groups like TeamPCP remains unconfirmed in many cases

Prediction

Supply chain attacks will likely become more automated and cross-platform in the near future 🔮
Decentralized infrastructure like blockchain-based C2 will become more common in malware operations 🌐
Developers may face stricter package verification and identity binding requirements across registries 🚨

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: www.infosecurity-magazine.com
Extra Source Hub (Possible Sources for article):
https://www.instagram.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon